Authentication between Desfire EV1 and SAM AV2

[mifare desfire]

Hello
I want to Authenticate between Desfire EV1 and SAM AV2 in AV2 mode,
I send the following command between card and SAM but I don't take 90 00 in last command.
(SAM is in AV2 mode of course when it is in AV1 mode I take same response.)
please guide me.
I think I should switch from DES to AES in Desfire but I don't know I do it.

-----------------------------------------------------------
Desfire Command> 90 1A 00 00 01 00 00
Desfire Response 80 0A 00 00 0A 01 01 BF BC 59 EF B2 90 26 51 00
SAM Response 90 AF 00 00 10 10 4C E1 DA F6 A2 E7 51 44 01 86 F3 0D D1 B9 EB 00
Desfire Response 80 0A 00 00 08 DE E9 3D 38 8B D7 74 3C 00
SAM Response< 67 00
-----------------------------------------------------------

---

+ 0  |  - 0

[TapLinx Support]

Hi “Mifare Desfire”,

I cannot guide you in a public forum, because the SAM AV2 is NDA classified material.

It seems, that you do not use the X-mode. Do you know the following application note:

AN1826 MIFARE SAM AV2 - For MIFARE DESFire EV1

The error indicates a wrong length of the APDU command or a wrong Lc byte.

The TapLinx team

---

+ 1  |  - 0

[mifare desfire]

thanks for your reply
I have AN182610 SAM AV2-For Mifare Desfire EV1 document,Is this document useful for resolving the problem.
if yes,which page(s) guide me?
I write commands completely.

------------commands----------------
Desfire Command> 90 1A 00 00 01 00 00
Desfire Response 80 0A 00 00 0A 01 01 BF BC 59 EF B2 90 26 51 00
SAM Response 90 AF 00 00 10 10 4C E1 DA F6 A2 E7 51 44 01 86 F3 0D D1 B9 EB 00
Desfire Response 80 0A 00 00 08 DE E9 3D 38 8B D7 74 3C 00
SAM Response< 67 00

---

+ 0  |  - 0

[mifare desfire]

thanks for your reply
I have AN182610 SAM AV2-For Mifare Desfire EV1 document,Is this document useful for resolving the problem.
if yes,which page(s) guide me?
I write commands completely.
---------commands--------------

Desfire Command> 90 1A 00 00 01 00 00 

Desfire Response 80 0A 00 00 0A 01 01 BF BC 59 EF B2 90 26 51 00 

SAM Response 90 AF 00 00 10 10 4C E1 DA F6 A2 E7 51 44 01 86 F3 0D D1 B9 EB 00 

Desfire Response 80 0A 00 00 08 DE E9 3D 38 8B D7 74 3C 00 

SAM Response< 67 00 

---

+ 0  |  - 0

[TapLinx Support]

Hi “Mifare Desfire”,

Did you check the authentication without the SAM? Did it work properly? The error indicates a wrong length byte. This can occur if a longer (or shorter) key is expected which means you use the wrong cipher, 2K3DES instead of AES or vice versa.

The AN 1826 – MIFARE SAM AV2 – For MIFARE DESFire EV1 has a lot of examples with various key values and types.

The TapLinx team

---

+ 0  |  - 0

[mifare desfire]

Hi,
thanks for your reply.
our desfire card EV1 is in DES mode and our SAM AV2 is in AV2 mode.
I want authenticate between them in DES mode.
I don't know how change EXTset or SET or other thing in SAM.

---

+ 0  |  - 0

[Ahmad]

I need some clarification In this command -80 0A 00 00 0A 01 01 BF BC 59 EF B2 90 26 51 00 after 0A(Data Length) what is 01 01?

---

+ 0  |  - 0

[TapLinx Support]

Hi Nazir,

Do you have the application note “AN1826 – MIFARE SAM AV2 – For MIFARE DESFire EV1”? In non-X mode you have to route all card commands to the SAM. With the “80 0A…” sequence you send the first card response form the DESFire to the SAM. The answer from SAM must be re-routed back to the card. The application note has a lot of examples with calculated values for en/decryption.

Regards,
The TapLinx team

---

+ 0  |  - 0

[Ahmad]

Hi,
Thanks for your reply
i don't have application note “AN1826 – MIFARE SAM AV2 – For MIFARE DESFire EV1"
still i am not getting what does mean by "0A 01 01" in the command 80 0A 00 00 0A 01 01 BF BC 59 EF B2 90 26 51 00

---

+ 0  |  - 0

[TapLinx Support]

Hi Nazir,

The byte sequence "80 0A ..." start the authentication in non-X-mode. It is explained in detail in the datasheet "P5DF081 – MIFARE Secure Access Module SAM AV2" on page 160 SAM_AuthenticatePICC. The authenticate run over three stages where you transfer the DESFire response to the SAM and transfer the SAM response to the DESFire via your reader. With the third parameter you define the authentication mode, whether or not you want to use key diversification etc.

The TapLinx team

---

+ 0  |  - 0

[Ahmad]

Hi thank you for your reply
can you please provide the document "P5DF081 – MIFARE Secure Access Module SAM AV2"

---

+ 0  |  - 0

[TapLinx Support]

Hi Nazir,

This document is available via DocStore, the NXP datasheet and document server for customers. Please notice, the MIFARE SAM AV2 datasheets are NDA classified. If you are working on a MIFARE SAM AV2 project, you should already have signed the NDA and have already access to the DocStore.

Regards,
The TapLinx team

---

+ 0  |  - 0

[Author]

Posts